Implement permission management and enhance user interface for permissions in the application
Add new permission routes and integrate permission checks across various existing routes to ensure proper access control. Update the UserClub model to include role and permissions fields, allowing for more granular user access management. Enhance the frontend by introducing a user dropdown menu for managing permissions and displaying relevant options based on user roles. Improve the overall user experience by implementing permission-based visibility for navigation links and actions throughout the application.
@@ -25,7 +25,7 @@ export const addClub = async (req, res) => {
|
||||
}
|
||||
|
||||
const newClub = await ClubService.createClub(clubName);
|
||||
await ClubService.addUserToClub(user.id, newClub.id);
|
||||
await ClubService.addUserToClub(user.id, newClub.id, true); // true = isOwner
|
||||
res.status(200).json(newClub);
|
||||
} catch (error) {
|
||||
console.error('[addClub] - error:', error);
|
||||
|
||||
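Review bot: If the `addUserToClub` call in this hunk fails after `createClub` has succeeded, the new club is left without the owner membership this change introduces, and with the permission checks added elsewhere in the commit such a club could presumably no longer be administered by anyone. Nothing visible here runs the two calls in one transaction or removes the club again in the `catch` branch, so one of the two should be added (ClubService is not shown and may already cover this). The positional `true` is only readable because of the trailing comment; an options argument such as `addUserToClub(user.id, newClub.id, { isOwner: true })` would make the call self-describing, if the service signature can still be changed. `addClub` starts and ends outside the hunk.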
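--- /dev/null
+++ b/backend/controllers/permissionController.js
@@ -0,0 +1,152 @@
+import permissionService from '../services/permissionService.js';
+
+/**
+* Get user's permissions for a club
+*/
+export const getUserPermissions = async (req, res) => {
+try {
+const { clubId } = req.params;
+const userId = req.user.id;
+
+const permissions = await permissionService.getUserClubPermissions(userId, parseInt(clubId));
+
+if (!permissions) {
+return res.status(404).json({ error: 'Keine Berechtigungen gefunden' });
+}
+
+res.json(permissions);
+} catch (error) {
+console.error('Error getting user permissions:', error);
+res.status(500).json({ error: 'Fehler beim Abrufen der Berechtigungen' });
+}
+};
+
+/**
+* Get all club members with their permissions
+*/
+export const getClubMembersWithPermissions = async (req, res) => {
+try {
+const { clubId } = req.params;
+const userId = req.user.id;
+
+const members = await permissionService.getClubMembersWithPermissions(
+parseInt(clubId),
+userId
+);
+
+res.json(members);
+} catch (error) {
+console.error('Error getting club members with permissions:', error);
+if (error.message === 'Keine Berechtigung zum Anzeigen von Berechtigungen') {
+return res.status(403).json({ error: error.message });
+}
+res.status(500).json({ error: 'Fehler beim Abrufen der Mitglieder' });
+}
+};
+
+/**
+* Update user role
+*/
+export const updateUserRole = async (req, res) => {
+try {
+const { clubId, userId: targetUserId } = req.params;
+const { role } = req.body;
+const updatingUserId = req.user.id;
+
+const result = await permissionService.setUserRole(
+parseInt(targetUserId),
+parseInt(clubId),
+role,
+updatingUserId
+);
+
+res.json(result);
+} catch (error) {
+console.error('Error updating user role:', error);
+res.status(400).json({ error: error.message });
+}
+};
+
+/**
+* Update user custom permissions
+*/
+export const updateUserPermissions = async (req, res) => {
+try {
+const { clubId, userId: targetUserId } = req.params;
+const { permissions } = req.body;
+const updatingUserId = req.user.id;
+
+const result = await permissionService.setCustomPermissions(
+parseInt(targetUserId),
+parseInt(clubId),
+permissions,
+updatingUserId
+);
+
+res.json(result);
+} catch (error) {
+console.error('Error updating user permissions:', error);
+res.status(400).json({ error: error.message });
+}
+};
+
+/**
+* Get available roles
+*/
+export const getAvailableRoles = async (req, res) => {
+try {
+const roles = permissionService.getAvailableRoles();
+res.json(roles);
+} catch (error) {
+console.error('Error getting available roles:', error);
+res.status(500).json({ error: 'Fehler beim Abrufen der Rollen' });
+}
+};
+
+/**
+* Get permission structure
+*/
+export const getPermissionStructure = async (req, res) => {
+try {
+const structure = permissionService.getPermissionStructure();
+res.json(structure);
+} catch (error) {
+console.error('Error getting permission structure:', error);
+res.status(500).json({ error: 'Fehler beim Abrufen der Berechtigungsstruktur' });
+}
+};
+
+/**
+* Update user status (activate/deactivate)
+*/
+export const updateUserStatus = async (req, res) => {
+try {
+const { clubId, userId: targetUserId } = req.params;
+const { approved } = req.body;
+const updatingUserId = req.user.id;
+
+const result = await permissionService.setUserStatus(
+parseInt(targetUserId),
+parseInt(clubId),
+approved,
+updatingUserId
+);
+
+res.json(result);
+} catch (error) {
+console.error('Error updating user status:', error);
+res.status(400).json({ error: error.message });
+}
+};
+
+export default {
+getUserPermissions,
+getClubMembersWithPermissions,
+updateUserRole,
+updateUserPermissions,
+updateUserStatus,
+getAvailableRoles,
+getPermissionStructure
+};
+
+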
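Review bot: `updateUserRole`, `updateUserPermissions` and `updateUserStatus` answer every failure with status 400 and the raw `error.message`, so a refused authorization check cannot be told apart from a validation error, and an unexpected internal error (a database message, for instance) is echoed to the client. No authorization check is visible in this controller; it presumably lives in `permissionService`, which receives `updatingUserId`, and it should signal a denial with a typed error or status field that maps to 403 rather than the message-string comparison `getClubMembersWithPermissions` uses. `role`, `permissions` and `approved` go from `req.body` to the service unchecked, and `parseInt` is called without a radix or NaN check, so a non-numeric `clubId` parameter reaches the service as `NaN`. Successful role, permission and status changes leave no log entry naming actor, target and club, which makes later review of privilege changes hard. The sketch shows the shape for `updateUserRole`; `statusCode` is a proposed field that `permissionService` would have to set on its expected errors.

```javascript
export const updateUserRole = async (req, res) => {
    try {
        const clubId = Number.parseInt(req.params.clubId, 10);
        const targetUserId = Number.parseInt(req.params.userId, 10);
        const { role } = req.body ?? {};

        // Reject malformed input before it reaches the service layer.
        if (!Number.isInteger(clubId) || !Number.isInteger(targetUserId) || typeof role !== 'string') {
            return res.status(400).json({ error: 'Ungültige Anfrage' });
        }

        const result = await permissionService.setUserRole(targetUserId, clubId, role, req.user.id);

        // Audit trail for privilege changes: who changed whom, in which club, to what.
        console.info('[updateUserRole] actor=%d target=%d club=%d role=%s', req.user.id, targetUserId, clubId, role);
        res.json(result);
    } catch (error) {
        console.error('Error updating user role:', error);
        // Proposed: only errors the service marks as expected (403 denied, 400 invalid role) expose their message.
        if (error.statusCode) {
            return res.status(error.statusCode).json({ error: error.message });
        }
        res.status(500).json({ error: 'Fehler beim Aktualisieren der Rolle' });
    }
};
```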